Windows
Analysis Report
file.exe
Overview
General Information
Detection
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 5956 cmdline: C:\Users\user\Desktop\file.exe MD5: 0C8E10CF6146A0F67D5E4F784C251FFE)
- pluT14Nj54.exe (PID: 3600 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe MD5: D16ACC7C93BF0ECC8BE14CAE8BE1F15A)
- plct23La85.exe (PID: 4552 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe MD5: A19D601A69B407CED85F6C6E721D0E2C)
- plvy67MJ29.exe (PID: 5192 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe MD5: C55924DDF020D2D574D1FF1BDF1446FC)
- buze36rj14.exe (PID: 3472 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe MD5: 23F943F98B2EEF1D8427BA90111C34E2)
- caQi43qE17.exe (PID: 4632 cmdline: C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe MD5: 93E470CB72A45CE819FF3EDB9B4A51B3)
- rundll32.exe (PID: 4280 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 4908 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 3624 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 3268 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP003.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | |

Malware Configuration
{"C2 url": "193.233.20.24:4123", "Bot Id": "dunkan", "Authorization Header": "505c396c57c6287fc3fdc5f3aeab0819"}

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| Timestamp: | 02/27/23-21:18:20.122346 |
| Source IP: | 192.168.2.3 |
| Destination IP: | 193.233.20.24 |
| SID: | 2043233 |
| Source Port: | 49699 |
| Destination Port: | 4123 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |

| Timestamp: | 02/27/23-21:18:21.439552 |
| Source IP: | 193.233.20.24 |
| Destination IP: | 192.168.2.3 |
| SID: | 2043234 |
| Source Port: | 4123 |
| Destination Port: | 49699 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |

| Timestamp: | 02/27/23-21:18:31.861096 |
| Source IP: | 192.168.2.3 |
| Destination IP: | 193.233.20.24 |
| SID: | 2043231 |
| Source Port: | 49699 |
| Destination Port: | 4123 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
AV Detection
| Source | Finding | Detail |
|---|---|---|
| Source: | Avira: | |
| Source: | ReversingLabs: | |
| Source: | Virustotal: | Perma Link |
| Source: | Avira: | |
| Source: | ReversingLabs: | |
| Source: | Virustotal: | Perma Link |
| Source: | ReversingLabs: | |
| Source: | Virustotal: | Perma Link |
| Source: | ReversingLabs: | |
| Source: | Virustotal: | Perma Link |
| Source: | ReversingLabs: | 2 entries |
| Source: | Joe Sandbox ML: | 9 entries |
| Source: | Avira: | 3 entries |
| Source: | Malware Configuration Extractor: | |
| Source: | Code function: | 0_2_00172F1D |
| Source: | Code function: | 1_2_00392F1D |
| Source: | Code function: | 2_2_00132F1D |
| Source: | Code function: | 3_2_00FD2F1D |
Compliance
| Source | Finding | Detail |
|---|---|---|
| Source: | Unpacked PE file: | |
| Source: | Static PE information: | |
| Source: | File opened: | Jump to behavior |
| Source: | Static PE information: | |
| Source: | Binary string: | 4 entries |
| Source: | Code function: | 0_2_00172390 |
| Source: | Code function: | 1_2_00392390 |
| Source: | Code function: | 2_2_00132390 |
| Source: | Code function: | 3_2_00FD2390 |
| Source: | Code function: | 10_2_0246EC20 |
Networking
| Source | Finding | Detail |
|---|---|---|
| Source: | Snort IDS: | 3 entries |
| Source: | URLs: | |
| Source: | ASN Name: | |
| Source: | IP Address: | |
| Source: | TCP traffic: | |
| Source: | String found in binary or memory: | 151 entries |
| Source: | TCP traffic detected without corresponding DNS query: | 37 entries |
| Source: | Binary or memory string: | |
System Summary
| Source | Finding | Detail |
|---|---|---|
| Source: | Matched rule: | 23 entries |
| Source: | Code function: | 0_2_00173BA2 |
| Source: | Code function: | 0_2_00175C9E |
| Source: | Code function: | 1_2_00393BA2 |
| Source: | Code function: | 1_2_00395C9E |
| Source: | Code function: | 2_2_00133BA2 |
| Source: | Code function: | 2_2_00135C9E |
| Source: | Code function: | 3_2_00FD3BA2 |
| Source: | Code function: | 3_2_00FD5C9E |
| Source: | Code function: | 10_2_00408C60 |
| Source: | Code function: | 10_2_0040DC11 |
| Source: | Code function: | 10_2_00407C3F |
| Source: | Code function: | 10_2_00418CCC |
| Source: | Code function: | 10_2_00406CA0 |
| Source: | Code function: | 10_2_004028B0 |
| Source: | Code function: | 10_2_0041A4BE |
| Source: | Code function: | 10_2_00418244 |
| Source: | Code function: | 10_2_00401650 |
| Source: | Code function: | 10_2_00402F20 |
| Source: | Code function: | 10_2_004193C4 |
| Source: | Code function: | 10_2_00418788 |
| Source: | Code function: | 10_2_00402F89 |
| Source: | Code function: | 10_2_00402B90 |
| Source: | Code function: | 10_2_004073A0 |
| Source: | Code function: | 10_2_008D6090 |
| Source: | Code function: | 10_2_024620C8 |
| Source: | Code function: | 10_2_02461DAA |
| Source: | Code function: | 10_2_02461DB8 |
| Source: | Code function: | 10_2_050DECC8 |
| Source: | Dropped File: | |
| Source: | Static PE information: | |
| Source: | Matched rule: | 23 entries |
| Source: | Code function: | 0_2_00171F90 |
| Source: | Code function: | 1_2_00391F90 |
| Source: | Code function: | 2_2_00131F90 |
| Source: | Code function: | 3_2_00FD1F90 |
| Source: | Code function: | |
| Source: | Static PE information: | 5 entries |
| Source: | Binary or memory string: | 3 entries |
| Source: | Static PE information: | |
| Source: | File created: | Jump to behavior |
| Source: | Classification label: | |
| Source: | Code function: | 0_2_0017597D |
| Source: | Code function: | 4_2_00007FFBACE61B10 |
| Source: | Code function: | 0_2_00174FE0 |
| Source: | ReversingLabs: | |
| Source: | Virustotal: | |
| Source: | Key opened: | Jump to behavior |
| Source: | Process created: | 10 entries |
| Source: | Process created: | Jump to behavior (5 entries) |
| Source: | Key value queried: | Jump to behavior |
| Source: | Code function: | 0_2_00171F90 |
| Source: | Code function: | 1_2_00391F90 |
| Source: | Code function: | 2_2_00131F90 |
| Source: | Code function: | 3_2_00FD1F90 |
| Source: | WMI Queries: | 3 entries |
| Source: | File created: | Jump to behavior |
| Source: | Code function: | 0_2_0017597D |
| Source: | Section loaded: | Jump to behavior (2 entries) |
| Source: | Code function: | 10_2_004019F0 |
| Source: | Process created: | |
| Source: | Command line argument: | 0_2_00172BFB |
| Source: | Command line argument: | 1_2_00392BFB |
| Source: | Command line argument: | 2_2_00132BFB |
| Source: | Command line argument: | 3_2_00FD2BFB |
| Source: | Command line argument: | 10_2_00413780 |
| Source: | Automated click: | 3 entries |
| Source: | File opened: | Jump to behavior |
| Source: | Static PE information: | 8 entries |
| Source: | Binary string: | 4 entries |
Data Obfuscation
| Source | Finding | Detail |
|---|---|---|
| Source: | Unpacked PE file: | 2 entries |
| Source: | Code function: | 0_2_00177260 |
| Source: | Code function: | 1_2_00397260 |
| Source: | Code function: | 2_2_00137260 |
| Source: | Code function: | 3_2_00FD7260 |
| Source: | Code function: | 10_2_0041C4E2 |
| Source: | Code function: | 10_2_00423179 |
| Source: | Code function: | 10_2_0041C4E2 |
| Source: | Code function: | 10_2_00423179 |
| Source: | Code function: | 10_2_0040E230 |
| Source: | Code function: | 10_2_0041C6BF |
| Source: | Code function: | 10_2_008D8ADC |
| Source: | Code function: | 10_2_008DBA19 |
| Source: | Code function: | 10_2_02465740 |
| Source: | Code function: | 0_2_00172F1D |
| Source: | Static PE information: | |
| Source: | File created: | Jump to dropped file (8 entries) |
| Source: | Code function: | 0_2_00171AE8 |
| Source: | Code function: | 1_2_00391AE8 |
| Source: | Code function: | 2_2_00131AE8 |
| Source: | Code function: | 3_2_00FD1AE8 |
| Source: | Process information set: | Jump to behavior (91 entries) |
Malware Analysis System Evasion
| Source | Finding | Detail |
|---|---|---|
| Source: | WMI Queries: | 2 entries |
| Source: | Thread sleep time: | Jump to behavior (2 entries) |
| Source: | Thread sleep count: | Jump to behavior |
| Source: | Thread sleep time: | Jump to behavior |
| Source: | Code function: | 10_2_004019F0 |
| Source: | Evasive API call chain: | 2 entries |
| Source: | Thread delayed: | Jump to behavior (3 entries) |
| Source: | Window / User API: | Jump to behavior |
| Source: | Check user administrative privileges: | |
| Source: | Check user administrative privileges: | graph_2-2575 |
| Source: | Check user administrative privileges: | graph_1-2450 |
| Source: | Check user administrative privileges: | graph_0-2575 |
| Source: | Dropped PE file which has not been started: | Jump to dropped file (2 entries) |
| Source: | Registry key enumerated: | |
| Source: | WMI Queries: | |
| Source: | Thread delayed: | Jump to behavior (3 entries) |
| Source: | API call chain: | |
| Source: | Binary or memory string: | |
| Source: | Process information queried: | Jump to behavior |
| Source: | Code function: | 0_2_00175467 |
| Source: | Code function: | 0_2_00172390 |
| Source: | Code function: | 1_2_00392390 |
| Source: | Code function: | 2_2_00132390 |
| Source: | Code function: | 3_2_00FD2390 |
| Source: | Code function: | 10_2_004019F0 |
| Source: | Code function: | 0_2_00172F1D |
| Source: | Code function: | 10_2_008D6FBB |
| Source: | Code function: | 10_2_0040CE09 |
| Source: | Code function: | 10_2_0040ADB0 |
| Source: | Process token adjusted: | Jump to behavior (2 entries) |
| Source: | Code function: | 10_2_02460490 |
| Source: | Memory allocated: | Jump to behavior |
| Source: | Code function: | 0_2_00176F40 |
| Source: | Code function: | 0_2_00176CF0 |
| Source: | Code function: | 1_2_00396F40 |
| Source: | Code function: | 1_2_00396CF0 |
| Source: | Code function: | 2_2_00136F40 |
| Source: | Code function: | 2_2_00136CF0 |
| Source: | Code function: | 3_2_00FD6F40 |
| Source: | Code function: | 3_2_00FD6CF0 |
| Source: | Code function: | 10_2_0040CE09 |
| Source: | Code function: | 10_2_0040E61C |
| Source: | Code function: | 10_2_00416F6A |
| Source: | Code function: | 10_2_004123F1 |
| Source: | Code function: | 0_2_001718A3 |
| Source: | Code function: | 10_2_00417A20 |
| Source: | Queries volume information: | Jump to behavior (15 entries) |
| Source: | Key value queried: | Jump to behavior |
| Source: | Code function: | 0_2_00177155 |
| Source: | Code function: | 4_2_00007FFBACE6077D |
| Source: | Code function: | 0_2_00172BFB |
| Lowering of HIPS / PFW / Operating System Security Settings |
|---|
| Source: | Registry key value created / modified: | Jump to behavior | ||
| Source: | Registry key value created / modified: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
| Stealing of Sensitive Information |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Remote Access Functionality |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 221 Windows Management Instrumentation | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 1 Service Execution | Logon Script (Mac) | 1 Process Injection | 21 Software Packing | NTDS | 137 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 361 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Bypass User Access Control | Cached Domain Credentials | 231 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 231 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 64% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine | ||
| 54% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1252166 | ||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1252166 | ||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 100% | Joe Sandbox ML | |||
| 74% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | ||
| 69% | Virustotal | Browse | ||
| 54% | ReversingLabs | Win32.Trojan.Tedy | ||
| 47% | Virustotal | Browse | ||
| 26% | ReversingLabs | Win32.Trojan.CrypterX | ||
| 26% | Virustotal | Browse | ||
| 54% | ReversingLabs | Win32.Trojan.Tedy | ||
| 26% | ReversingLabs | Win32.Trojan.CrypterX |
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | TR/Patched.Ren.Gen | Download File | ||
| 100% | Avira | TR/Patched.Ren.Gen | Download File | ||
| 100% | Avira | HEUR/AGEN.1252166 | Download File | ||
| 100% | Avira | HEUR/AGEN.1252166 | Download File | ||
| 100% | Avira | TR/Patched.Ren.Gen | Download File |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | unknown | ||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 193.233.20.24 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true |
| Joe Sandbox Version: | 37.0.0 Beryl |
| Analysis ID: | 816370 |
| Start date and time: | 2023-02-27 21:16:43 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 11m 33s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 22 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: | |
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample file name: | file.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@15/10@0/1 |
| EGA Information: | |
| HDC Information: | |
| HCA Information: | |
| Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
- Not all processes were analyzed; the report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 21:18:31 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 193.233.20.24 | Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | Amadey, RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse | |||
| Get hash | malicious | RedLine | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| REDCOM-ASRedcomKhabarovskRussiaRU | Get hash | malicious | RedLine | Browse | |
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | Amadey, RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Get hash | malicious | RedLine | Browse | ||
| Process: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 226 |
| Entropy (8bit): | 5.354940450065058 |
| Encrypted: | false |
| SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv |
| MD5: | B10E37251C5B495643F331DB2EEC3394 |
| SHA1: | 25A5FFE4C2554C2B9A7C2794C9FE215998871193 |
| SHA-256: | 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D |
| SHA-512: | 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2843 |
| Entropy (8bit): | 5.3371553026862095 |
| Encrypted: | false |
| SSDEEP: | 48:MIHK5HKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1Hl:Pq5qXeqm00YqhQnouOqLqdqNq2qzcGtx |
| MD5: | E9C2F4CC11CEA097B88D7D224F41A5B3 |
| SHA1: | B16891C1E967E2803C1F994CA61ED82A52233C54 |
| SHA-256: | 843CF5780CF7C018F8431C1A69DB910BDC039E48C495A2C854A0C1A9C52CAF82 |
| SHA-512: | 2259C7E86AE80AC4CB26AB22FE50295D2C17E45BF31DF0BC3E91BCC9063300616764C1219E9B40A16EED0D2D63035B0EF1ED7B1BDBAEDF9408BF9D46E5A86D48 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\file.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 179350 |
| Entropy (8bit): | 4.9480962176817425 |
| Encrypted: | false |
| SSDEEP: | 3072:6xqZWBJaHEDgXTzzfMK8emA9Xh8fxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOG:oqZVTPfBbXh |
| MD5: | 32E2EFAFEE3B768A9C4604727D692077 |
| SHA1: | 46CE5FD08B40BC203D6B0B9DF1B47185ABCD504F |
| SHA-256: | C665BE7A74C2C3F38E8EFA0998D6D52668B56287464EA247EA52AE17F91937BE |
| SHA-512: | 08F29ABC146EEB5CC808172BB83545E5F37293E35E9A1A36B9EB5491C7B085DC715B8EE3B4CD90E723AD52138D8D7119BA5E08A43E0F873DBBF697BF4F979064 |
| Malicious: | true |
| Yara Hits: | |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\Desktop\file.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 906240 |
| Entropy (8bit): | 7.91223652331673 |
| Encrypted: | false |
| SSDEEP: | 12288:7Mr9y904k1gr1VZEDRkLq/uvrQWQ42Syrq+g3ZclzYwEjVGhWriFj5rgR5+k1F0x:yyT3r0BuvskTy6yMwwAYm5ERw8F4cG |
| MD5: | D16ACC7C93BF0ECC8BE14CAE8BE1F15A |
| SHA1: | 9E463F325A67401D5966FC8DE612525AFF28356D |
| SHA-256: | BE5DB62AA39661F851800B909035991F177AA3A277026BDC3015F797EE85B0A0 |
| SHA-512: | E01C1DD40948FA57A48A43F624A4F4CB78259728F31003C95C4D61FE27B6663EA371BC10FDF9ED447BC6C28E6DC15F5E41AACBEE03463B5A58EA90673DFAF6F1 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 313856 |
| Entropy (8bit): | 7.320447473996942 |
| Encrypted: | false |
| SSDEEP: | 6144:h0xQZh23G4D4EFCd7KUGU+NSjclyAFhk68XEMDtRnZeTbE6PfM:h0SZSG4cTKUtvcllh0EcHZG |
| MD5: | 93E470CB72A45CE819FF3EDB9B4A51B3 |
| SHA1: | 8F06779116BFAA52497EC079BC6C12C4EF88B68E |
| SHA-256: | 2C0208F12D918E001922D851B78A9C632B4E1959E1AA888BF7EFBA150ECAEE49 |
| SHA-512: | BC9D4583EC9C29D53D59352629BE5378F4D468DB0F0062BC0EC48624BD4F3C34AD7425B14EF27C21A4D6C4FB465A32186C4CDB8982CE8293CC3FAAA1940573D4 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 676864 |
| Entropy (8bit): | 7.865142493950552 |
| Encrypted: | false |
| SSDEEP: | 12288:JMrNy90m6L3OvriWQW2fyoq+gHZclaS4EDVGhbriAj5Fg85+eqFqT:kyXvW6Gyfyr48Axd5+8wfFK |
| MD5: | A19D601A69B407CED85F6C6E721D0E2C |
| SHA1: | 02C12195F32714198E27AA956EBF09DF5397D3CC |
| SHA-256: | 33940678091A72B7F32492518A6B87F79A573B8BB3BB802621667960D7599B7D |
| SHA-512: | 69153D4B0D783A6F3B932BE8CBADD80BD597B3308F444547BC918975356B0088051A751B2160CE2BA296DF655B43820630D21C5685F5C3D7A01755F14D5F83EE |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 253952 |
| Entropy (8bit): | 7.089913840101579 |
| Encrypted: | false |
| SSDEEP: | 3072:nHOAjO/AOKJL0or0n7zSoP2fbB+XgRU2DnufOEjc7NfiWOpIn+vnJVb+:Hli/ARV0or0xCB6ghDufydSgQnr+ |
| MD5: | 16CD045519321C1F674C2C52ED92CD5A |
| SHA1: | 41703764D7FF71A0DAD4B54F62FA8412C45B3EDE |
| SHA-256: | B873395D8B0B53E7C0F6192AE48A129253F4D592A58919DDE8668B9D3FA9EB33 |
| SHA-512: | B72315FF3771EF4F4CA669D991D1FDF2928CB0B6F377D682B267583F8382870EF6987DBC780F73AC6B1FBD51593803478910187D62B5B06C3015FF8CE9C7D07E |
| Malicious: | true |
| Antivirus: | |
| Joe Sandbox View: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 397824 |
| Entropy (8bit): | 7.705781046496275 |
| Encrypted: | false |
| SSDEEP: | 6144:Kby+bnr+EaN7MqvKSyeO+ueO+zjTDzjTmmmmp2222222cBxhRBxhRBxhRBxqVp0h:pMrCy90LIFe8KUtZclauXEPV8h9riU |
| MD5: | C55924DDF020D2D574D1FF1BDF1446FC |
| SHA1: | EBF73995124960D5ACA074A3D54F61721E213315 |
| SHA-256: | 8A7C493DD26705372D5D0B4D1F10AC5012651FDB080C0D5C9D06AF74FA4BDFC1 |
| SHA-512: | FE8320D7EE3B8AF751241FFAE0B0740E1058E80540583A241D210AD7F37ADB08FE82EDB9A1222544BDCA5E45F4ACEF91BE9A2BE22061020E3C96E2E6142ED382 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11614 |
| Entropy (8bit): | 4.862051929853911 |
| Encrypted: | false |
| SSDEEP: | 96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp |
| MD5: | 23F943F98B2EEF1D8427BA90111C34E2 |
| SHA1: | 47BE76D126057E63DD8C9BE3F7EAC252A86A9B53 |
| SHA-256: | 76EE34B15E8F7D1A38BA5D8221AC5144BC624A7253195AFEE8E83D93C68DE6D5 |
| SHA-512: | 32EA29DF413FDC8F630212957A8E4FD91575A9431DA4750758B156EC013F6C5C700FECA8271AEE81FB5DC6EF12EA4578F107781149563BE2988A28A2FEB9D811 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 313856 |
| Entropy (8bit): | 7.320447473996942 |
| Encrypted: | false |
| SSDEEP: | 6144:h0xQZh23G4D4EFCd7KUGU+NSjclyAFhk68XEMDtRnZeTbE6PfM:h0SZSG4cTKUtvcllh0EcHZG |
| MD5: | 93E470CB72A45CE819FF3EDB9B4A51B3 |
| SHA1: | 8F06779116BFAA52497EC079BC6C12C4EF88B68E |
| SHA-256: | 2C0208F12D918E001922D851B78A9C632B4E1959E1AA888BF7EFBA150ECAEE49 |
| SHA-512: | BC9D4583EC9C29D53D59352629BE5378F4D468DB0F0062BC0EC48624BD4F3C34AD7425B14EF27C21A4D6C4FB465A32186C4CDB8982CE8293CC3FAAA1940573D4 |
| Malicious: | true |
| Antivirus: | |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.928880210499275 |
| TrID: | |
| File name: | file.exe |
| File size: | 1046528 |
| MD5: | 0c8e10cf6146a0f67d5e4f784c251ffe |
| SHA1: | ec1922422ad71e92c53acbe0db7f27161fc8a426 |
| SHA256: | f4e5103746728e49e2aad05ffc1f61d58a9f61071a822642779d5980d001e54f |
| SHA512: | b068ac9aaded5afd3dbbc4d3a362573fdd8ad0bb82c6673c22ad3e92c2ceb666ea8e397c54b90e830b838964ec0d6919f9a316e4edf0f136dc4d322f1ddcc74d |
| SSDEEP: | 24576:ryhN0hWbgTrEJK1yWy7SaAG+nIRwmFKk2AMukb:ehNsWEfEJ37eGSpmFKk2AMuk |
| TLSH: | AA25220BD7EC9177D47117741AFA03D3063A7C62AA78529B2B8E5D1D0CB26B1B272327 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d. |
| Icon Hash: | f8e0e4e8ecccc870 |
| Entrypoint: | 0x406a60 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x628D60E2 [Tue May 24 22:49:06 2022 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 10 |
| OS Version Minor: | 0 |
| File Version Major: | 10 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 10 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 646167cce332c1c252cdcb1839e0cf48 |
| Instruction |
|---|
| call 00007F7E18BDBED5h |
| jmp 00007F7E18BDB7E5h |
| push 00000058h |
| push 004072B8h |
| call 00007F7E18BDBF77h |
| xor ebx, ebx |
| mov dword ptr [ebp-20h], ebx |
| lea eax, dword ptr [ebp-68h] |
| push eax |
| call dword ptr [0040A184h] |
| mov dword ptr [ebp-04h], ebx |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, dword ptr [eax+04h] |
| mov edi, ebx |
| mov edx, 004088ACh |
| mov ecx, esi |
| xor eax, eax |
| lock cmpxchg dword ptr [edx], ecx |
| test eax, eax |
| je 00007F7E18BDB7FAh |
| cmp eax, esi |
| jne 00007F7E18BDB7E9h |
| xor esi, esi |
| inc esi |
| mov edi, esi |
| jmp 00007F7E18BDB7F2h |
| push 000003E8h |
| call dword ptr [0040A188h] |
| jmp 00007F7E18BDB7B9h |
| xor esi, esi |
| inc esi |
| cmp dword ptr [004088B0h], esi |
| jne 00007F7E18BDB7ECh |
| push 0000001Fh |
| call 00007F7E18BDBD0Bh |
| pop ecx |
| jmp 00007F7E18BDB81Ch |
| cmp dword ptr [004088B0h], ebx |
| jne 00007F7E18BDB80Eh |
| mov dword ptr [004088B0h], esi |
| push 004010C4h |
| push 004010B8h |
| call 00007F7E18BDB936h |
| pop ecx |
| pop ecx |
| test eax, eax |
| je 00007F7E18BDB7F9h |
| mov dword ptr [ebp-04h], FFFFFFFEh |
| mov eax, 000000FFh |
| jmp 00007F7E18BDB919h |
| mov dword ptr [004081E4h], esi |
| cmp dword ptr [004088B0h], esi |
| jne 00007F7E18BDB7FDh |
| push 004010B4h |
| push 004010ACh |
| call 00007F7E18BDBEC5h |
| pop ecx |
| pop ecx |
| mov dword ptr [000088B0h], 00000000h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xf7084 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x104000 | 0x888 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc000 | 0xf8000 | 0xf7200 | False | 0.9623946873419322 | data | 7.948377611360806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x104000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
| RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
| RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
| RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
| RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
| RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
| RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
| RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
| RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
| RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
| RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
| RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
| RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
| RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States |
| RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia |
| RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States |
| RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia |
| RT_DIALOG | 0x250f4 | 0x166 | data | English | United States |
| RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia |
| RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States |
| RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia |
| RT_DIALOG | 0x25764 | 0x130 | data | English | United States |
| RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia |
| RT_DIALOG | 0x259e4 | 0x120 | data | English | United States |
| RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia |
| RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
| RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia |
| RT_STRING | 0x25d3c | 0x520 | data | English | United States |
| RT_STRING | 0x2625c | 0x52e | data | Russian | Russia |
| RT_STRING | 0x2678c | 0x5cc | data | English | United States |
| RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia |
| RT_STRING | 0x272ec | 0x4b0 | data | English | United States |
| RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia |
| RT_STRING | 0x27c50 | 0x44a | data | English | United States |
| RT_STRING | 0x2809c | 0x43e | data | Russian | Russia |
| RT_STRING | 0x284dc | 0x3ce | data | English | United States |
| RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia |
| RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x28bb0 | 0xd939e | Microsoft Cabinet archive data, many, 889758 bytes, 2 files, at 0x2c +A "pluT14Nj54.exe" +A "grWB27Fb84.exe", ID 2298, number 1, 34 datablocks, 0x1503 compression | English | United States |
| RT_RCDATA | 0x101f50 | 0x4 | data | English | United States |
| RT_RCDATA | 0x101f54 | 0x24 | data | English | United States |
| RT_RCDATA | 0x101f78 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x101f80 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x101f88 | 0x4 | data | English | United States |
| RT_RCDATA | 0x101f8c | 0xf | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x101f9c | 0x4 | data | English | United States |
| RT_RCDATA | 0x101fa0 | 0xf | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x101fb0 | 0x4 | data | English | United States |
| RT_RCDATA | 0x101fb4 | 0x8 | data | English | United States |
| RT_RCDATA | 0x101fbc | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_RCDATA | 0x101fc4 | 0x7 | ASCII text, with no line terminators | English | United States |
| RT_GROUP_ICON | 0x101fcc | 0xbc | data | English | United States |
| RT_VERSION | 0x102088 | 0x408 | data | English | United States |
| RT_VERSION | 0x102490 | 0x410 | data | Russian | Russia |
| RT_MANIFEST | 0x1028a0 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
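The RT_RCDATA entry at RVA 0x28bb0 is a Microsoft Cabinet archive carrying the next two stages, pluT14Nj54.exe and grWB27Fb84.exe, which is the layout of an IExpress self-extracting package (the IXP###.TMP scratch directories the later stages run from are the same packager at work). The script below, added here as an example and not part of Joe Sandbox or the sample, locates every MSCF signature in a byte blob (a dumped resource or the whole PE) and walks the CFHEADER, CFFOLDER and CFFILE records to list the embedded file names, sizes and compression without running the dropper. The cabinet it is tested against is constructed in-block to mirror the header fields the `file` output reports (setID 2298, cabinet number 1, two files, 34 data blocks, LZX compression 0x1503, CFFILE records at 0x2c); it has no payload blocks, and the size given for grWB27Fb84.exe is a placeholder.

```python
"""Enumerate a Microsoft Cabinet (MSCF) embedded in a PE resource.
Added triage example; not Joe Sandbox code.  The sample cabinet built by
build_sample_cabinet() is constructed for the example and is not the real
resource from the analysed file."""
import struct

CFHEADER_FMT = "<4sIIIIIBBHHHHH"        # MS-CAB CFHEADER, 36 bytes
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)
CFFOLDER_FMT = "<IHH"                   # coffCabStart, cCFData, typeCompress
CFFILE_FMT = "<IIHHHH"                  # cbFile, uoffFolderStart, iFolder, date, time, attribs
COMPRESSION = {0: "NONE", 1: "MSZIP", 2: "QUANTUM", 3: "LZX"}


def find_cabinets(blob: bytes):
    """Yield the offset of every 'MSCF' signature in blob."""
    pos = blob.find(b"MSCF")
    while pos != -1:
        yield pos
        pos = blob.find(b"MSCF", pos + 4)


def parse_cabinet(blob: bytes, base: int = 0) -> dict:
    """Parse the CFHEADER, CFFOLDER and CFFILE records of the cabinet at blob[base:]."""
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, ver_minor, ver_major,
     c_folders, c_files, flags, set_id, i_cabinet) = struct.unpack_from(CFHEADER_FMT, blob, base)
    if sig != b"MSCF":
        raise ValueError("no MSCF signature at offset %#x" % base)
    off = base + CFHEADER_SIZE
    cb_cffolder = 0
    if flags & 0x0004:  # cfhdrRESERVE_PRESENT: reserve sizes and a header reserve area follow
        cb_cfheader, cb_cffolder, _cb_cfdata = struct.unpack_from("<HBB", blob, off)
        off += 4 + cb_cfheader
    folders = []
    for _ in range(c_folders):
        coff_cab_start, c_cfdata, type_compress = struct.unpack_from(CFFOLDER_FMT, blob, off)
        comp = COMPRESSION.get(type_compress & 0x000F, "?")
        if comp == "LZX":   # bits 8..12 hold the LZX window size exponent
            comp += ":%d" % ((type_compress >> 8) & 0x1F)
        folders.append({"data_offset": coff_cab_start, "blocks": c_cfdata,
                        "compression": comp, "type_compress": type_compress})
        off += struct.calcsize(CFFOLDER_FMT) + cb_cffolder
    files = []
    off = base + coff_files
    for _ in range(c_files):
        cb_file, uoff, i_folder, _date, _time, attribs = struct.unpack_from(CFFILE_FMT, blob, off)
        off += struct.calcsize(CFFILE_FMT)
        end = blob.index(b"\x00", off)              # szName is NUL-terminated
        name = blob[off:end].decode("utf-8" if attribs & 0x80 else "cp1252")
        off = end + 1
        files.append({"name": name, "size": cb_file, "folder_offset": uoff,
                      "folder": i_folder, "attribs": attribs})
    return {"version": (ver_major, ver_minor), "size": cb_cabinet, "set_id": set_id,
            "cabinet_number": i_cabinet, "folders": folders, "files": files}


def build_sample_cabinet() -> bytes:
    """Constructed header-only cabinet (no CFDATA blocks) mirroring the report's fields."""
    entries = [("pluT14Nj54.exe", 906240), ("grWB27Fb84.exe", 4096)]  # second size is a placeholder
    cffiles, uoff = b"", 0
    for name, size in entries:
        cffiles += struct.pack(CFFILE_FMT, size, uoff, 0, 0, 0, 0x20) + name.encode() + b"\x00"
        uoff += size
    coff_files = CFHEADER_SIZE + struct.calcsize(CFFOLDER_FMT)   # 0x2c, as in the `file` output
    total = coff_files + len(cffiles)
    folder = struct.pack(CFFOLDER_FMT, total, 34, 0x1503)        # 34 blocks, LZX window 2^21
    header = struct.pack(CFHEADER_FMT, b"MSCF", 0, total, 0, coff_files, 0,
                         3, 1, 1, len(entries), 0, 2298, 1)
    return header + folder + cffiles


if __name__ == "__main__":
    blob = b"RCDATA-PAD" + build_sample_cabinet()   # stands in for a dumped RT_RCDATA resource
    for off in find_cabinets(blob):
        info = parse_cabinet(blob, off)
        print("cabinet at %#x: set %d #%d, %d file(s)" % (off, info["set_id"],
              info["cabinet_number"], len(info["files"])))
        for f in info["files"]:
            print("  %-20s %9d bytes  %s" % (f["name"], f["size"],
                  info["folders"][f["folder"]]["compression"]))
```

Run it against the real resource by reading the RT_RCDATA bytes (or the whole file.exe) into `blob`; to pull the members out, hand the cabinet slice to a CAB extractor such as `cabextract` or `expand.exe` rather than executing the stub.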
| DLL | Import |
|---|---|
| ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
| KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
| GDI32.dll | GetDeviceCaps |
| USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
| msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
| COMCTL32.dll | |
| Cabinet.dll | |
| VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |
| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
| Russian | Russia |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 02/27/23-21:18:20.122346 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| 02/27/23-21:18:21.439552 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| 02/27/23-21:18:31.861096 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Feb 27, 2023 21:18:18.424452066 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:18.446439028 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:18.446657896 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:20.122345924 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:20.144684076 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:20.220628977 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:21.416583061 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:21.439552069 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:21.508327007 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:28.213684082 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:28.239495993 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:28.239624023 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:28.239659071 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:28.239743948 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:28.290103912 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.396398067 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.437875032 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.494502068 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.556098938 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.578075886 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.578485012 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.633999109 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.650779963 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.673506021 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.695463896 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.720451117 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.723774910 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.746045113 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.765677929 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.788840055 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.837141037 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.953996897 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:29.976097107 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.976535082 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:29.982466936 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.005038023 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:30.055963039 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.089674950 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.112140894 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:30.116503000 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.138717890 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:30.156924009 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.179238081 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:30.193639994 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.216684103 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:30.259073019 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.526597977 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:30.549205065 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:30.602755070 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.400273085 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.422163963 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.422740936 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.477889061 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.484872103 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.506949902 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.507013083 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.507611990 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.555988073 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.652384996 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.675062895 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.727966070 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.835983992 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.858417988 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.861095905 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
| Feb 27, 2023 21:18:31.883404970 CET | 4123 | 49699 | 193.233.20.24 | 192.168.2.3 |
| Feb 27, 2023 21:18:31.919533014 CET | 49699 | 4123 | 192.168.2.3 | 193.233.20.24 |
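The three IDS alerts line up with packets in the table above: the "net.tcp Init" rule fires on the first client segment after the handshake (21:18:20.122346), the "Id1Response" rule on the server's reply (21:18:21.439552) and the "CnC Activity" rule on later client traffic (21:18:31.861096), all on 192.168.2.3:49699 to 193.233.20.24:4123. The "net.tcp" in the rule name points at the transport: a WCF net.tcp client opens every connection with a .NET Message Framing (MC-NMF) preamble that names the service URI in clear text, which is what a detection on the first client bytes keys on. The decoder below is an added example (not Joe Sandbox or Emerging Threats code, and not the rule's actual content) that parses that preamble and applies a triage check to a segment; the sample preamble is constructed around the C2 endpoint from the tables, and its URI path is a placeholder rather than the sample's real Via.

```python
"""Parse the .NET Message Framing (MC-NMF) preamble a WCF net.tcp client sends
first on a connection.  Added example; not Joe Sandbox or Emerging Threats code.
The preamble produced by build_sample_preamble() is constructed for the example."""

RECORD_NAMES = {0x00: "Version", 0x01: "Mode", 0x02: "Via", 0x03: "KnownEncoding",
                0x04: "ExtensibleEncoding", 0x09: "UpgradeRequest", 0x0B: "PreambleAck",
                0x0C: "PreambleEnd"}
MODES = {0x01: "SingletonUnsized", 0x02: "Duplex", 0x03: "Simplex", 0x04: "SingletonSized"}
ENCODINGS = {0x00: "UTF-8 SOAP1.1", 0x01: "UTF-16 SOAP1.1", 0x02: "Unicode-LE SOAP1.1",
             0x03: "UTF-8 SOAP1.2", 0x04: "UTF-16 SOAP1.2", 0x05: "Unicode-LE SOAP1.2",
             0x06: "MTOM", 0x07: "Binary", 0x08: "Binary with in-band dictionary"}
PREAMBLE_ACK = b"\x0B"   # the one-byte record a server answers with to accept the preamble


def read_varint(buf: bytes, pos: int):
    """MC-NMF size field: 7 data bits per byte, least significant first, high bit = more."""
    value, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7
        if shift > 28:
            raise ValueError("size field longer than 5 bytes")


def encode_varint(n: int) -> bytes:
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        if n:
            out.append(b | 0x80)
        else:
            out.append(b)
            return bytes(out)


def parse_preamble(buf: bytes) -> dict:
    """Decode records up to PreambleEnd (0x0C); raises ValueError on a non-NMF byte stream."""
    pos, info = 0, {"records": []}
    while pos < len(buf):
        rtype = buf[pos]
        pos += 1
        info["records"].append(RECORD_NAMES.get(rtype, "0x%02x" % rtype))
        if rtype == 0x00:                         # Version: major, minor
            info["version"] = (buf[pos], buf[pos + 1])
            pos += 2
        elif rtype == 0x01:                       # Mode
            info["mode"] = MODES.get(buf[pos], "?")
            pos += 1
        elif rtype == 0x02:                       # Via: length-prefixed UTF-8 URI
            size, pos = read_varint(buf, pos)
            info["via"] = buf[pos:pos + size].decode("utf-8")
            pos += size
        elif rtype == 0x03:                       # Known encoding
            info["encoding"] = ENCODINGS.get(buf[pos], "?")
            pos += 1
        elif rtype in (0x04, 0x09):               # length-prefixed MIME type / upgrade protocol
            size, pos = read_varint(buf, pos)
            info["upgrade" if rtype == 0x09 else "mime"] = buf[pos:pos + size].decode("utf-8")
            pos += size
        elif rtype == 0x0C:                       # Preamble end
            info["complete"] = True
            break
        else:
            raise ValueError("unexpected record 0x%02x in preamble" % rtype)
    return info


def looks_like_net_tcp_init(segment: bytes) -> bool:
    """Triage check for a client's first payload: a complete preamble with a net.tcp:// Via."""
    try:
        info = parse_preamble(segment)
    except (ValueError, IndexError, UnicodeDecodeError):
        return False
    return info.get("complete", False) and info.get("via", "").lower().startswith("net.tcp://")


def build_sample_preamble(via: str) -> bytes:
    """Constructed duplex, binary-encoded preamble of the shape a WCF net.tcp client emits."""
    uri = via.encode("utf-8")
    return (b"\x00\x01\x00" + b"\x01\x02" + b"\x02" + encode_varint(len(uri)) + uri
            + b"\x03\x08" + b"\x0C")


if __name__ == "__main__":
    sample = build_sample_preamble("net.tcp://193.233.20.24:4123/")   # path is a placeholder
    print(parse_preamble(sample))
    print("net.tcp init:", looks_like_net_tcp_init(sample))
```

Feed `looks_like_net_tcp_init()` the first client-to-server payload of a flow (from a pcap or a Zeek/Suricata payload capture); the Via it extracts is the C2 endpoint as the client sees it, which is the indicator worth pivoting on, and a preamble that is acknowledged with 0x0B is a live service rather than a dead drop.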
| Target ID: | 0 |
| Start time: | 21:17:42 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\Desktop\file.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x170000 |
| File size: | 1046528 bytes |
| MD5 hash: | 0C8E10CF6146A0F67D5E4F784C251FFE |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: | |
| Reputation: | low |
| Target ID: | 1 |
| Start time: | 21:17:42 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x390000 |
| File size: | 906240 bytes |
| MD5 hash: | D16ACC7C93BF0ECC8BE14CAE8BE1F15A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 2 |
| Start time: | 21:17:43 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x130000 |
| File size: | 676864 bytes |
| MD5 hash: | A19D601A69B407CED85F6C6E721D0E2C |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 3 |
| Start time: | 21:17:43 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xfd0000 |
| File size: | 397824 bytes |
| MD5 hash: | C55924DDF020D2D574D1FF1BDF1446FC |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 4 |
| Start time: | 21:17:44 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x900000 |
| File size: | 11614 bytes |
| MD5 hash: | 23F943F98B2EEF1D8427BA90111C34E2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 5 |
| Start time: | 21:17:51 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6e8c60000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 10 |
| Start time: | 21:17:55 |
| Start date: | 27/02/2023 |
| Path: | C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 313856 bytes |
| MD5 hash: | 93E470CB72A45CE819FF3EDB9B4A51B3 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: | |
| Antivirus matches: | |
| Reputation: | low |
| Target ID: | 12 |
| Start time: | 21:18:02 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6e8c60000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 16 |
| Start time: | 21:18:12 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6e8c60000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Target ID: | 17 |
| Start time: | 21:18:20 |
| Start date: | 27/02/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6e8c60000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
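The process list shows the unpacking chain that makes this sample easy to spot on an endpoint: each stage runs from `%LOCALAPPDATA%\Temp\IXP###.TMP\` and drops the next one into `IXP(###+1).TMP`, four levels deep (IXP000 to IXP003), before the .NET stages buze36rj14.exe and caQi43qE17.exe run. A legitimate IExpress installer has one such directory, not a nested chain. The detection below is an added example, not Joe Sandbox code: it walks process-creation events and flags any process with two or more consecutive IXP-launched ancestors. The events are constructed from the PIDs and paths in the listing; the parent PIDs are an assumption made for the example (the process details above do not state them), and the field names only loosely follow Sysmon Event ID 1.

```python
"""Flag nested IExpress extraction chains (IXP000.TMP -> IXP001.TMP -> ...).
Added detection example; not Joe Sandbox code.  SAMPLE_EVENTS is constructed:
PIDs and image paths follow the report, parent PIDs are assumed."""
import re

# An executable started from an IExpress scratch directory; group(1) is the stage number.
IXP_RE = re.compile(r"\\AppData\\Local\\Temp\\IXP(\d{3})\.TMP\\[^\\]+\.exe$", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed process-creation events
    {"pid": 5956, "ppid": 4000, "image": r"C:\Users\user\Desktop\file.exe"},
    {"pid": 3600, "ppid": 5956, "image": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\pluT14Nj54.exe"},
    {"pid": 4552, "ppid": 3600, "image": r"C:\Users\user\AppData\Local\Temp\IXP001.TMP\plct23La85.exe"},
    {"pid": 5192, "ppid": 4552, "image": r"C:\Users\user\AppData\Local\Temp\IXP002.TMP\plvy67MJ29.exe"},
    {"pid": 3472, "ppid": 5192, "image": r"C:\Users\user\AppData\Local\Temp\IXP003.TMP\buze36rj14.exe"},
    {"pid": 4632, "ppid": 5192, "image": r"C:\Users\user\AppData\Local\Temp\IXP003.TMP\caQi43qE17.exe"},
    # Single-level IExpress package: the shape of an ordinary installer, stays below the threshold.
    {"pid": 7100, "ppid": 4000, "image": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\setup.exe"},
]


def ixp_chain(event, by_pid):
    """Stage numbers from this process up through consecutive IXP-launched ancestors."""
    chain, seen = [], set()
    cur = event
    while cur is not None and cur["pid"] not in seen:
        m = IXP_RE.search(cur["image"])
        if not m:
            break
        seen.add(cur["pid"])          # guards against PID-reuse cycles in real telemetry
        chain.append(int(m.group(1)))
        cur = by_pid.get(cur["ppid"])
    return chain


def detect_nested_iexpress(events, min_depth=2):
    """Return the processes whose ancestry holds at least min_depth nested IXP###.TMP stages."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        chain = ixp_chain(e, by_pid)
        if len(chain) >= min_depth:
            findings.append({"pid": e["pid"], "image": e["image"], "stages": chain})
    return findings


if __name__ == "__main__":
    for f in detect_nested_iexpress(SAMPLE_EVENTS):
        print("pid %d: %d nested IExpress stages -> %s" % (f["pid"], len(f["stages"]), f["image"]))
```

With `min_depth=2` the single-level installer is not reported while every stage from IXP001.TMP onward is; lowering it to 1 turns the rule into a generic "ran from an IExpress scratch directory" hunt, useful for retro-hunting but noisier.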
Execution Graph
| Execution Coverage: | 28.6% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 26.8% |
| Total number of Nodes: | 959 |
| Total number of Limit Nodes: | 24 |
Graph
Callgraph
Function 00173BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMONCrypto
Control-flow Graph
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00171AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
Control-flow Graph
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 96% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121windowCOMMON
Control-flow Graph
| C-Code - Quality: 77% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00172F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
Control-flow Graph
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 75% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00172BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
| C-Code - Quality: 70% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00176F40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0017202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
Control-flow Graph
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001755A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
Control-flow Graph
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001744B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
Control-flow Graph
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001753A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
Control-flow Graph
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0017256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Control-flow Graph
| C-Code - Quality: 86% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00176A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
Control-flow Graph
| C-Code - Quality: 51% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001758C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
Control-flow Graph
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00173FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
Control-flow Graph
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001751E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001752B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
| C-Code - Quality: 74% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00171FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0017487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0017658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0017621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001766AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00175C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00171F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
| C-Code - Quality: 60% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00176CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00173210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
| C-Code - Quality: 76% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00172CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001734F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
| C-Code - Quality: 50% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00172773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00172267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
| C-Code - Quality: 62% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00173100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001717EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
| C-Code - Quality: 57% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00172AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001743D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0017681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00173A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001736EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00176495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001728E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00174169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
| C-Code - Quality: 32% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001719E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001747E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00176517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
| C-Code - Quality: 77% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00173680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001765E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
| C-Code - Quality: 72% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 001769B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 28.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 962 |
| Total number of Limit Nodes: | 25 |
Graph
Callgraph
Function 00393BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308; tags: library, loader, COMMON, Crypto
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00391AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291; tags: memory, COMMON
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00392F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120; tags: library, file, loader, COMMON
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00392BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63; tags: library, loader, COMMON
| C-Code - Quality: 70% | Uniqueness Score: -1.00% |
Function 00396F40 Relevance: 1.5, APIs: 1, Instructions: 4; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0039202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185; tags: registry, library, memory, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 003955A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248; tags: memory, string, COMMON
| C-Code - Quality: 92% | Uniqueness Score: -1.00% |
Function 00394FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121; tags: window, COMMON
| C-Code - Quality: 77% | Uniqueness Score: -1.00% |
Function 003944B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160; tags: memory, window, COMMON
| C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 003953A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71; tags: file, COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 0039256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75; tags: registry, COMMON
| C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 00396A60 Relevance: 13.6, APIs: 9, Instructions: 138; tags: sleep, COMMON
| C-Code - Quality: 51% | Uniqueness Score: -1.00% |
Function 003958C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74; tags: memory, file, COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 00393FEF Relevance: 10.6, APIs: 7, Instructions: 97; tags: process, synchronization, window, COMMON
| C-Code - Quality: 84% | Uniqueness Score: -1.00% |
Function 003951E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 003952B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65; tags: file, COMMON
| C-Code - Quality: 74% | Uniqueness Score: -1.00% |
Function 00391FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23; tags: registry, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00394C37 Relevance: 4.5, APIs: 3, Instructions: 39; tags: time, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0039487A Relevance: 3.1, APIs: 2, Instructions: 59; tags: file, COMMON
| C-Code - Quality: 75% | Uniqueness Score: -1.00% |
Function 00394AD0 Relevance: 3.0, APIs: 2, Instructions: 47; tags: file, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 0039658A Relevance: 1.5, APIs: 1, Instructions: 45; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0039621E Relevance: 1.5, APIs: 1, Instructions: 35; tags: COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 00394B60 Relevance: 1.5, APIs: 1, Instructions: 28; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 003966AE Relevance: 1.5, APIs: 1, Instructions: 11; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00394CA0 Relevance: 1.3, APIs: 1, Instructions: 8; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00394CC0 Relevance: 1.3, APIs: 1, Instructions: 7; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00395C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422; tags: COMMON, Crypto
| C-Code - Quality: 92% | Uniqueness Score: -1.00% |
Function 00391F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94; tags: shutdown, COMMON
| C-Code - Quality: 60% | Uniqueness Score: -1.00% |
Function 00393210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188; tags: window, COMMON
| C-Code - Quality: 76% | Uniqueness Score: -1.00% |
Function 00392CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183; tags: synchronization, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 003934F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119; tags: thread, window, COMMON
| C-Code - Quality: 81% | Uniqueness Score: -1.00% |
Function 00394224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132; tags: library, loader, COMMON
| C-Code - Quality: 50% | Uniqueness Score: -1.00% |
Function 00392773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114; tags: registry, COMMON
| C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 00392267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88; tags: registry, COMMON
| C-Code - Quality: 62% | Uniqueness Score: -1.00% |
Function 00393100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70; tags: window, COMMON
| C-Code - Quality: 87% | Uniqueness Score: -1.00% |
Function 0039681F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81; tags: registry, COMMON
| C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 003917EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71; tags: library, memory, loader, COMMON
| C-Code - Quality: 57% | Uniqueness Score: -1.00% |
Function 00392AAC Relevance: 12.1, APIs: 8, Instructions: 118; tags: COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 003928E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 003943D0 Relevance: 10.6, APIs: 7, Instructions: 97; tags: COMMON
| C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 00393A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73; tags: memory, string, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 003936EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243; tags: window, COMMON
| C-Code - Quality: 75% | Uniqueness Score: -1.00% |
Function 00396495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41; tags: library, COMMON
| C-Code - Quality: 83% | Uniqueness Score: -1.00% |
Function 00394169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55; tags: memory, COMMON
| C-Code - Quality: 32% | Uniqueness Score: -1.00% |
Function 003919E0 Relevance: 7.6, APIs: 5, Instructions: 51; tags: window, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 003947E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00393680 Relevance: 6.1, APIs: 4, Instructions: 51; tags: window, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 003965E8 Relevance: 6.0, APIs: 4, Instructions: 46; tags: COMMON
| C-Code - Quality: 72% | Uniqueness Score: -1.00% |
Function 003969B0 Relevance: 6.0, APIs: 4, Instructions: 25; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 28.7% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 0% |
| Total number of Nodes: | 960 |
| Total number of Limit Nodes: | 24 |
Graph
Callgraph
Function 00133BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308; tags: library, loader, COMMON, Crypto
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00131AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291; tags: memory, COMMON
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00132F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120; tags: library, file, loader, COMMON
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00132BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63; tags: library, loader, COMMON
| C-Code - Quality: 70% | Uniqueness Score: -1.00% |
Function 00136F40 Relevance: 1.5, APIs: 1, Instructions: 4; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0013202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185; tags: registry, library, memory, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 001355A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248; tags: memory, string, COMMON
| C-Code - Quality: 92% | Uniqueness Score: -1.00% |
Function 00134FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121; tags: window, COMMON
| C-Code - Quality: 77% | Uniqueness Score: -1.00% |
Function 001344B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160; tags: memory, window, COMMON
| C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 001353A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71; tags: file, COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 0013256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75; tags: registry, COMMON
| C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 00136A60 Relevance: 13.6, APIs: 9, Instructions: 138; tags: sleep, COMMON
| C-Code - Quality: 51% | Uniqueness Score: -1.00% |
Function 001358C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74; tags: memory, file, COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 00133FEF Relevance: 10.6, APIs: 7, Instructions: 97; tags: process, synchronization, window, COMMON
| C-Code - Quality: 84% | Uniqueness Score: -1.00% |
Function 001351E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 001352B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65; tags: file, COMMON
| C-Code - Quality: 74% | Uniqueness Score: -1.00% |
Function 00131FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23; tags: registry, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00134C37 Relevance: 4.5, APIs: 3, Instructions: 39; tags: time, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0013487A Relevance: 3.1, APIs: 2, Instructions: 59; tags: file, COMMON
| C-Code - Quality: 75% | Uniqueness Score: -1.00% |
Function 00134AD0 Relevance: 3.0, APIs: 2, Instructions: 47; tags: file, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 0013658A Relevance: 1.5, APIs: 1, Instructions: 45; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 0013621E Relevance: 1.5, APIs: 1, Instructions: 35; tags: COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 00134B60 Relevance: 1.5, APIs: 1, Instructions: 28; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 001366AE Relevance: 1.5, APIs: 1, Instructions: 11; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00134CA0 Relevance: 1.3, APIs: 1, Instructions: 8; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00134CC0 Relevance: 1.3, APIs: 1, Instructions: 7; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00135C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422; tags: COMMON, Crypto
| C-Code - Quality: 92% | Uniqueness Score: -1.00% |
Function 00131F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94; tags: shutdown, COMMON
| C-Code - Quality: 60% | Uniqueness Score: -1.00% |
Function 00136CF0 Relevance: 6.0, APIs: 4, Instructions: 13; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00133210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188; tags: window, COMMON
| C-Code - Quality: 76% | Uniqueness Score: -1.00% |
Function 00132CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183; tags: synchronization, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 001334F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119; tags: thread, window, COMMON
| C-Code - Quality: 81% | Uniqueness Score: -1.00% |
Function 00134224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132; tags: library, loader, COMMON
| C-Code - Quality: 50% | Uniqueness Score: -1.00% |
Function 00132773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114; tags: registry, COMMON
| C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 00132267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88; tags: registry, COMMON
| C-Code - Quality: 62% | Uniqueness Score: -1.00% |
Function 00133100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70; tags: window, COMMON
| C-Code - Quality: 87% | Uniqueness Score: -1.00% |
Function 001317EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71; tags: library, memory, loader, COMMON
| C-Code - Quality: 57% | Uniqueness Score: -1.00% |
Function 00132AAC Relevance: 12.1, APIs: 8, Instructions: 118; tags: COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 001343D0 Relevance: 10.6, APIs: 7, Instructions: 97; tags: COMMON
| C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 0013681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81; tags: registry, COMMON
| C-Code - Quality: 94% | Uniqueness Score: -1.00% |
Function 00133A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73; tags: memory, string, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 001336EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243; tags: window, COMMON
| C-Code - Quality: 75% | Uniqueness Score: -1.00% |
Function 00136495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41; tags: library, COMMON
| C-Code - Quality: 83% | Uniqueness Score: -1.00% |
Function 001328E8 Relevance: 7.6, APIs: 5, Instructions: 140; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00134169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55; tags: memory, COMMON
| C-Code - Quality: 32% | Uniqueness Score: -1.00% |
Function 001319E0 Relevance: 7.6, APIs: 5, Instructions: 51; tags: window, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 001347E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00136517 Relevance: 6.1, APIs: 4, Instructions: 51; tags: COMMON
| C-Code - Quality: 77% | Uniqueness Score: -1.00% |
Function 00133680 Relevance: 6.1, APIs: 4, Instructions: 51; tags: window, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 001365E8 Relevance: 6.0, APIs: 4, Instructions: 46; tags: COMMON
| C-Code - Quality: 72% | Uniqueness Score: -1.00% |
Function 001369B0 Relevance: 6.0, APIs: 4, Instructions: 25; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Callgraph
Function 00FD3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308; tags: library, loader, COMMON, Crypto
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00FD1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291; tags: memory, COMMON
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00FD2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120; tags: library, file, loader, COMMON
| C-Code - Quality: 82% | Uniqueness Score: -1.00% |
Function 00FD2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63; tags: library, loader, COMMON
| C-Code - Quality: 70% | Uniqueness Score: -1.00% |
Function 00FD6F40 Relevance: 1.5, APIs: 1, Instructions: 4; tags: COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00FD202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185; tags: registry, library, memory, COMMON
| C-Code - Quality: 93% | Uniqueness Score: -1.00% |
Function 00FD55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248; tags: memory, string, COMMON
| C-Code - Quality: 92% | Uniqueness Score: -1.00% |
Function 00FD4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121; tags: window, COMMON
| C-Code - Quality: 77% | Uniqueness Score: -1.00% |
Function 00FD53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71; tags: file, COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 00FD256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75; tags: registry, COMMON
| C-Code - Quality: 86% | Uniqueness Score: -1.00% |
Function 00FD6A60 Relevance: 13.6, APIs: 9, Instructions: 138; tags: sleep, COMMON
| C-Code - Quality: 51% | Uniqueness Score: -1.00% |
Function 00FD58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74; tags: memory, file, COMMON
| C-Code - Quality: 95% | Uniqueness Score: -1.00% |
Function 00FD3FEF Relevance: 10.6, APIs: 7, Instructions: 97; tags: process, synchronization, window, COMMON
| C-Code - Quality: 84% | Uniqueness Score: -1.00% |
Function 00FD51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74; tags: memory, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00FD52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65; tags: file, COMMON
| C-Code - Quality: 74% | Uniqueness Score: -1.00% |
Function 00FD1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23; tags: registry, COMMON
| C-Code - Quality: 100% | Uniqueness Score: -1.00% |
Function 00FD4C37 Relevance: 4.5, APIs: 3, Instructions: 39; tags: time, COMMON
| C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 00FD487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
| C-Code - Quality: 92% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
| C-Code - Quality: 60% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
| C-Code - Quality: 76% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
| C-Code - Quality: 50% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
| C-Code - Quality: 62% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 82% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
| C-Code - Quality: 57% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
| C-Code - Quality: 95% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
| C-Code - Quality: 75% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
| C-Code - Quality: 83% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
| C-Code - Quality: 32% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
| C-Code - Quality: 93% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 88% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
| C-Code - Quality: 77% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
| C-Code - Quality: 72% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Callgraph
Function overview (one row per function entry; blank cells are values the report does not give for that entry; "yes" in the Yara column marks entries with a Yara match; the Uniqueness Score is -1.00% for every entry):

| Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
|---|---|---|---|---|---|---|---|
| 004019F0 | 147.7 | 34 | 50 | 747 | com, process, COMMON | 77% | yes |
| 02460490 | 3.8 | 1 | 1 | 289 | library, COMMON | | |
| 004018F0 | 6.3 | 5 | | 77 | string, COMMON | 84% | yes |
| 0040AF66 | 6.0 | 4 | | 34 | COMMON | 63% | yes |
| 008D76DE | 3.0 | 2 | | 41 | process, COMMON | | yes |
| | | | | | | 100% | yes |
| 0246FDB0 | 1.6 | 1 | | 96 | memory, COMMON | | |
| 050D0130 | 1.6 | 1 | | 76 | COMMON | | |
| 050D0138 | 1.6 | 1 | | 73 | COMMON | | |
| 0040D534 | 1.5 | 1 | | 20 | memory, COMMON | 100% | yes |
| 0040EA0A | 1.5 | 1 | | 10 | COMMON | 25% | yes |
| 008D739D | 1.3 | 1 | | 48 | memory, COMMON | | yes |
| 0074D164 | 0.1 | | | 77 | COMMON | | |
| 0074D48C | 0.1 | | | 76 | COMMON | | |
| 0074D754 | 0.1 | | | 75 | COMMON | | |
| 0074D15F | 0.1 | | | 58 | COMMON | | |
| 0074D487 | 0.1 | | | 57 | COMMON | | |
| 0074D74F | 0.1 | | | 56 | COMMON | | |
| 0074D01D | 0.0 | | | 45 | COMMON | | |
| 0074D01C | 0.0 | | | 36 | COMMON | | |
| | | | | | | 85% | yes |
| 0040ADB0 | 2.5 | 2 | | 23 | memory, COMMON | 100% | yes |
| 0246EC20 | 0.1 | | | 114 | COMMON | | |
| 008D6FBB | 0.1 | | | 61 | COMMON | | yes |
| | | | | | | 86% | yes |
| | | | | | | 83% | yes |
| | | | | | | 85% | yes |
| 00414738 | 8.8 | 4 | 1 | 31 | COMMON, LIBRARYCODE | 90% | yes |
| 0040C73D | 7.6 | 5 | | 64 | COMMON | 77% | yes |
| | | | | | | 89% | yes |
| 00413610 | 7.0 | 2 | 2 | 38 | library, loader, COMMON, LIBRARYCODE | 65% | yes |
| | | | | | | 86% | yes |
| 00405D00 | 6.1 | 4 | | 137 | COMMON | 97% | yes |
| 0040BAAA | 6.1 | 4 | | 137 | COMMON | 91% | yes |
| | | | | | | 100% | yes |
| | | | | | | 100% | yes |